Cisco has released security updates to patch critical vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data.
The security updates address the following vulnerabilities, listed with the affected products:
- Critical Authentication Bypass Vulnerability (CVE-2019-1937): Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.
- Critical Authentication Bypass Vulnerability (CVE-2019-1974): Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.
- SCP User Default Credentials Vulnerability (CVE-2019-1935): Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data.
- API Authentication Bypass Vulnerability (CVE-2019-1938): Cisco UCS Director and Cisco UCS Director Express for Big Data.
Of special note, all four are rated critical, with a CVSS score of 9.8.
Administrators should apply the necessary updates as soon as possible.